Pinned Repositories
Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021-
CVE-2018-8021 Proof-Of-Concept and Exploit
awesome-burp-extensions
A curated list of amazingly awesome Burp Extensions
awsome-security-write-ups-and-POCs
Awesome Writeups and POCs
cisco-snmp-rce
Cisco IOS SNMP RCE PoC
CVE-2018-7600-Drupal-RCE
CVE-2018-7600 Drupal RCE
CVE-2019-1215
CVE-2019-19576
This is a filter bypass exploit that results in arbitrary file upload and remote code execution in class.upload.php <= 2.0.3
CVE-2021-26855_SSRF
POC of CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-26865, ProxyLogon poc
nareshmail's Repositories
nareshmail/Android_Kernel_CVE_POCs
A list of my CVE's with POCs
nareshmail/Apache-Struts-v3
nareshmail/Apache-Struts-v3-1
nareshmail/AutoSQLi
An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.
nareshmail/BurpSuite_Pro_v1.7.32
BurpSuite_Pro_v1.7.32
nareshmail/can-i-take-over-xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
nareshmail/cecil
Cecil is a library to inspect, modify and generate .NET programs and libraries.
nareshmail/CVE-2018-15685
POC for CVE-2018-15685
nareshmail/ephemera-miscellany
Ephemera and other documentation associated with the 1337list project.
nareshmail/GPON
Python exploit for Remote Code Executuion on GPON home routers (CVE-2018-10562). Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.
nareshmail/jpexs-decompiler
JPEXS Free Flash Decompiler
nareshmail/lpeworkshop
Windows / Linux Local Privilege Escalation Workshop
nareshmail/mailinabox
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
nareshmail/merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
nareshmail/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
nareshmail/pentest
:no_entry: offsec batteries included
nareshmail/PowerShdll
Run PowerShell with rundll32. Bypass software restrictions.
nareshmail/presentations
nareshmail/put2win
Script to automatize shell upload by PUT HTTP method to get meterpreter
nareshmail/randomrepo
Repo for random stuff
nareshmail/S3Scanner
Scan for open AWS S3 buckets and dump the contents
nareshmail/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
nareshmail/Security-Research
Exploits written by the Rhino Security Labs team
nareshmail/struts-pwn_CVE-2018-11776
An exploit for Apache Struts CVE-2018-11776
nareshmail/subfinder
SubFinder is a subdomain discovery tool that can enumerate massive amounts of valid subdomains for any target. It has a simple modular architecture and has been aimed as a successor to sublist3r project.
nareshmail/TakeOver-v1
Takeover script extracts CNAME record of all subdomains at once. TakeOver saves researcher time and increase the chance of finding subdomain takeover vulnerability.
nareshmail/TheDoc
TheDoc is a simple but very useful SQLMAP automator with built in admin finder, hash cracker(using hashca) and more!
nareshmail/TheLastSliceGame
Do you have what it takes to deliver the famous Bitcoin pizza in this retro arcade-style game? The Last Slice will put your skills to the test as you play through 3 levels of pizza-delivering mayhem. The goal is simple. Deliver the Bitcoin pizza and collect your tip, now worth $10,000. So, who will nab The Last Slice?
nareshmail/tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
nareshmail/ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.